A network security method utilizing a bespoke honeypot includes first duplicating a protected image of a network accessible application from a primary container in which the protected image executes into a secondary container as a duplicated image. The method further includes modifying data in the duplicated image to different values than corresponding values in the protected image while retaining a same format as the values of the protected image, thereby forming a bespoke honeypot or chimaera. Thereafter, the method includes detecting an attempted intrusion in the protected image of the primary container and, in response to the detection, identifying a network source of the attempted intrusion, routing subsequent requests from the identified network source to the duplicated image in the secondary container and logging interactions between the identified network source and the duplicated image.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, wherein the detected attempted intrusion is an attempt to complete a field in a user interface to the network accessible application with a database operation.
3. The method of claim 1, wherein the detected attempted instruction is a change content of an exchanged token between the network source and the protected image of the network accessible application.
4. The method of claim 1, wherein the identification of the network source comprises identifying an Internet protocol address of the network source.
5. The method of claim 1, wherein the identification of the network source comprises identifying a portion of a request header received from the network source.
7. The system of claim 6, wherein the detected attempted intrusion is an attempt to complete a field in a user interface to the network accessible application with a database operation.
8. The system of claim 6, wherein the detected attempted instruction is a change content of an exchanged token between the network source and the protected image of the network accessible application.
9. The system of claim 6, wherein the identification of the network source comprises identifying a portion of a request header received from the network source.
11. The computer program product of claim 10, wherein the detected attempted intrusion is an attempt to complete a field in a user interface to the network accessible application with a database operation.
12. The computer program product of claim 10, wherein the detected attempted instruction is a change content of an exchanged token between the network source and the protected image of the network accessible application.
13. The computer program product of claim 10, wherein the identification of the network source comprises identifying an Internet protocol address of the network source.
14. The computer program product of claim 10, wherein the identification of the network source comprises identifying a portion of a request header received from the network source.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
July 31, 2020
October 1, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.